Cloud Computing in GxP Environment



Similar documents
Cloud Computing in a GxP Environment: The Promise, the Reality and the Path to Clarity

Pharma CloudAdoption. and Qualification Trends

Clinical Trials in the Cloud: A New Paradigm?

Services Providers. Ivan Soto

Regulated Applications in the Cloud

END TO END DATA CENTRE SOLUTIONS COMPANY PROFILE

Cloud Computing Security Issues

SaaS Adoption Lifecycle in Life-Sciences Companies

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014

SYLOGENT DEDICATED HOSTING

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

GAMP 5 as a Suitable Framework for Validation of Electronic Document Management Systems On Premise and 'In the Cloud' Keith Williams CEO GxPi

Using SharePoint 2013 for Managing Regulated Content in the Life Sciences. Presented by Paul Fenton President and CEO, Montrium

GAMP 4 to GAMP 5 Summary

Cloud Services Overview

Cloud Vendor Evaluation

This interpretation of the revised Annex

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.

Case Study. SFDC VEEVA Interface Development and Application and Data Support for Leading Pharmaceutical Organization. Quick Facts.

How To Run A Cloud Based Data Centre

Validating Cloud. June 2012 Merry Danley

Luis Melo Head of CRM/CX. Capventis. Policy Automation. Knowledge Management. Field Service Management. Web Customer Service

QA Software. a new way to view qa. Centralized, cloud-based data for easy management of TG-142 reporting. QA Pilot

Compliance Response SIMATIC SIMATIC PCS 7 V8.1. Electronic Records / Electronic Signatures (ERES) Edition 03/2015. Answers for industry.

Client Services Service Level Agreement

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter

ensurcloud Service Level Agreement (SLA)

AssurX Makes Quality & Compliance a Given Not Just a Goal

Off-the-Shelf Software: A Broader Picture By Bryan Chojnowski, Reglera Director of Quality

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit

FTP-Stream Data Sheet

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

Enterprise Mobile App Management Essentials. Presented by Ryan Hope and John Nielsen

Managing Cloud Computing Risk

Optimizing Quality Control / Quality Assurance Agents of a Global Sourcing / Procurement Strategy

Logging In: Auditing Cybersecurity in an Unsecure World

Taking Information Security Risk Management Beyond Smoke & Mirrors

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

White Paper: Vendor Selection for Your Life Science Company Cloud

Information Security: Cloud Computing

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Regulated Documents. A concept solution for SharePoint that enables FDA 21CFR part 11 compliance when working with digital documents

Welcome Computer System Validation Training Delivered to FDA. ISPE Boston Area Chapter February 20, 2014

MOC Administering Microsoft SQL Server 2014 Databases

Testing Automated Manufacturing Processes

Third-Party Cybersecurity and Data Loss Prevention

Attachment E. RFP Requirements: Mandatory Requirements: Vendor must respond with Yes or No. A No response will render the vendor nonresponsive.

Outsourcing BI Maintenance Services Version 3.0 January With SourceCode Inc.

FAQ Answers to frequently asked questions relating to the security, protection and redundancy of images stored in the Eclipse Data Center

GxP Process Management Software. White Paper: Ten Most Common Reasons for FDA 483 Observations and Warning Letter Citations

How to implement a Quality Management System

MS Administering Microsoft SQL Server Databases

CrossPoint for Managed Collaboration and Data Quality Analytics

Managed Services Overview

OPEN SOURCE SOFTWARE CUSTODIAN AS A SERVICE

Best Practices in Contract Migration

Validating Enterprise Systems: A Practical Guide

The Paperless QMS March 2012

Validation Best Practice for a SaaS

Firewall Administration and Management

Volume 11 Number 4 July 2007

REMOTESTOR CLOUD BASED DATA REPLICATION

Validation Consultant

Regulatory Asset Management: Harmonizing Calibration, Maintenance & Validation Systems

Product Complaints Management. Infosys Handbook for Life Sciences

Guidebook to MEF Certification

CoSign for 21CFR Part 11 Compliance

QMS for Software as a Medical Device [SaMD] Lessons Learned from a Quality Perspective

The Business Case For Private Cloud Services

Four Things You Must Do Before Migrating Archive Data to the Cloud

Logging and Alerting for the Cloud

SQL Server 2014

Be Fast, but be Secure a New Approach to Application Security July 23, 2015

Shared Assessments Program Case Study

Key Considerations of Regulatory Compliance in the Public Cloud

State of Ohio Private Cloud Managing Severity 1 Tickets

Clinical database/ecrf validation: effective processes and procedures

ediscovery Implementation Services Statement of Work To be Executed under State Blanket Contract ITS53 Cat2B

itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future.

HBR Consulting Data Center Service Offerings

Cloud Security Trust Cisco to Protect Your Data

Project Prism - Kyle Hochenberger Johnson & Johnson SAP IT Service Management David Birkenbach SAP Session 1603

Product Lifecycle Management in the Medical Device Industry. An Oracle White Paper Updated January 2008

24/7 Monitoring Pro-Active Support High Availability Hardware & Software Helpdesk. itg CloudBase

ComplianceSP TM on SharePoint. Complete Document & Process Management for Life Sciences on SharePoint 2010 & 2013

Blue Fire Thames Court 1 Victoria Street Windsor SL4 1YB enquiries@bluefire-uk.com

Top Seven Risks to Consider When Selecting a Life Science LMS

Administering Microsoft SQL Server Databases MOC 20462

SaaS A Product Perspective

Transcription:

Cloud Computing in GxP Environment Kathy Gniecko Hoffmann LaRoche 3rd April 2014, Stevenage 1

Introductions 18 years Experience in Pharma across all aspects of CSV. Prior to CSV experience in Pharma Research, Development and QC testing. Currently challenged to help IT deliver GxP sensitive solutions to the cloud in a compliant manner. 3rd April 2014, Stevenage 2

Cloud SIG - 2013 Cloud SIG was set up early 2013. A small team representing cross section of large/small Pharma and cloud service providers SMEs started working together in delivering the guidance to the industry and FDA. Goal Ongoing dialogue between GAMP/ISPE and FDA and mutual understanding of the challenges of operating in the Cloud Provide guidance on usage of cloud technologies in the GxP environment in order to accelerate adoption of this technology while maintaining control in a consistent manner. 3rd April 2014, Stevenage 3

Cloud SIG - 2013 3rd April 2014, Stevenage 4

Cloud SIG - 2013 Working representation of the delivery models and basic responsibilities 3rd April 2014, Stevenage 5

Cloud SIG - 2013 Cloud providers offer: Extremely fast and flexible solution delivery On-demand scalability Business continuity solutions Easy solutions for backup and archiving For a considerably lower cost than traditional in-house computing can match 3rd April 2014, Stevenage 6

Cloud SIG - 2013 Cloud providers offer: Extremely fast and flexible solution delivery On-demand scalability Business continuity solutions Easy solutions for backup and archiving For a considerably lower cost than traditional in-house computing can match BUT the framework for managing regulated systems. in the cloud needs examination 3rd April 2014, Stevenage 7

Cloud SIG - 2013 Cloud Providers: Diverse customer base (mostly non-pharma clients) Have more power than pharma companies to dictate how the quality aspects of the cloud business should run Some large cloud providers refuse to provide transparency on processes, consider this as proprietary information 3rd April 2014, Stevenage 8

Cloud SIG - 2013 High level problem statement and approach - the how Identification of friction areas _ business vs regulatory GAMP Position on acceptable risks 3rd April 2014, Stevenage 9

2014 Closing the GAP Recognize the different cloud deployment models. For each of these deployment modes, analyze the traditional IT controls and underlying actions. Obtain a clear and detailed overview of the responsibilities between the cloud service provider and pharma firms. Analyze if this new model will require different or additional controls to ratify the rigor of the pharma industry. 3 rd April 2014, Stevenage 10

Cloud SIG - 2014 High level problem statement and approach - the how Audit & Oversight Vendor Mgt Alternative Standards System Delivery Testing System Delivery (Complete Lifecycle) 3rd April 2014, Stevenage 11

Cloud SIG - 2014 Activities and Timelines 1Q14 2Q14 3Q14 4Q14 1Q15 3rd April 2014, Stevenage 12

Cloud SIG - 2014 Systematic Review of GAMP 5 Operational Controls Corresponding Responsibilities Insert picture from big spreadsheet Process element Process element; Service provider Health Authority regulated company Vendor management controls Initial assessment/ audit SLA / ongoing control Identify and Log Incident x - technical X - not being able to access "stuff" Incident Management CAPA Evaluate Incident Resolve Resume normal operations notification x - all Evaluate for what was running x x x x yes - notification based on impact - need to consider where limit is and timing x - for all incidents that effect the application Incident Closeout x x Identify and Log Problem x Determine Corrective Action x Root Cause Analysis x Determine Preventative Action x Document Outcome x Evaluate Success of CA and/or PA x 3rd April 2014, Stevenage 13

Objectives To Discuss: Language and attributes to describe Cloud providers Risk models to use to consider when moving to a cloud provider The level to which we would desire to be informed of Cloud provider Incidents and Problems 3rd April 2014, Stevenage 14

Cloud Vendor Models Capability/Enabler Bucket 1 GXP capable Bucket 2 GXP tolerant Bucket 3 unaware and intolerant Qualification Documents Customer Specific Change Practices Qualification Tools/ Guidance Permits Onsite Audit Ability to Support Enterprise Scale Service/Deployment Models Cost Profile 3rd April 2014, Stevenage 15

Public Cloud Provider - Private Cloud Risk Profiles Early Research Process/Data - Mfg / Distribution 3rd April 2014, Stevenage 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information